Hackers have breached a database at Sony Ericsson’s Eshop online store for mobile phones in Canada, extracting personal information of more than 2,000 customers.

A customer watches a monitor of Sony's videogame PlayStation 3 at a Tokyo electric shop on April 27, 2011. On Tuesday, May 24, 2011, Sony said that hackers have now breached a database at Sony Ericsson’s Eshop online store for mobile phones in Canada, extracting personal information of more than 2,000 customers.

By:Michael LewisBusiness Reporter, Published on Tue May 24 2011

Hackers have breached a database at Sony Ericsson’s Eshop online store for mobile phones in Canada, extracting personal information of more than 2,000 customers.

Records including names, email addresses and encrypted passwords were taken by an outside party, the company said in a statement late Tuesday.

It said no additional personal or credit card details have been compromised, adding that the joint venture has disabled the e-commerce website, a standalone platform that is not connected to Sony Ericsson servers.

Idahca, a Lebanese hacking group, claimed responsibility for the attack and said contents have been leaked via Facebook and Twitter.

The group claims it could have extracted far more sensitive information such as credit card details, but declined to do so.

The latest attack follows a breach of Sony Corp.’s Greek music service data base that Sony revealed in a blog post Monday. It said hackers had obtained nonsensitive information from about 8,500 users, with the data posted by hackers to a public site.

On Tuesday, security firm Sophos said Sony Music Japan suffered the same fate — with hackers exploiting a system vulnerability and posting such taunts as “stupid Sony, so very stupid” inside the data they made available online.

A group known as Lulz Security, which attacks sites primarily for political reasons, claimed responsibility, said Chester Wisniewsk, a senior security adviser at Sophos. “This doesn’t change the criminality of their behavior. Accessing systems without authorization is still a crime in most countries.”

He said the database information obtained in Greece and Japan does not contain names, passwords or other personally identifiable information. “The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information.”

In April, Sony’s PlayStation Network system was hacked, affecting more than 100 million online accounts worldwide and forcing the company to shut down the popular online gaming service, although it did not report the breach until a week later.

The attack prompted Sony chief executive Howard Stringer to implement a cyber security makeover at the Tokyo-based, multinational entertainment conglomerate that includes appointment of a management level security oversight team.

And while the series of attacks suggest Sony has more work to do securing its networks Phil Lieberman, CEO of online security consulting firm Lieberman Software, said it is also the price Sony is paying for its hard-line approach to the hacking community.

“Telling them to bring it on is not the best strategy,” he said, adding that Stringer remains entrenched in his view that law enforcement and the courts offer the solution to online attacks.

While Sony focused heavily on protecting IP and enforcing copyright protections, the company appears to have done little to protect its massive presence on the Internet, Lieberman added. “I think Sony is beginning to understand it horribly underinvested in security.”

He also said Sony provoked “nuclear responses” from the hacking community after it sued George Hotz, the 21-year-old who hacked the fully locked Sony PS3 console in 2010. He then reverse-engineered his own PlayStation 3 to run homebrew applications and later released the method to the public through his website.

Sony responded with a lawsuit and demanded that social media sites including YouTube hand over IP addresses of people who visited Hotz’s social pages and videos.

Jason Maloni, senior vice-president of the crisis and litigation team at Levick Strategic Communications, said Sony needs to seek peace with the so-called hacktivists to win back consumer confidence.

“Settle, would be my best advice,” said Maloni, part of a crisis management team that helped Heartland Payment Systems respond to a 2008 breach that exposed data on close to 100 million debit and credit cards.

More on thestar.com

We value respectful and thoughtful discussion. Readers are encouraged to flag comments that fail to meet the standards outlined in our
Community Code of Conduct.
For further information, including our legal guidelines, please see our full website
Terms and Conditions.